-
-
Save kokoye2007/181221c489fa2816afbfa67ec9733bda to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [server] | |
| SERVER | |
| [server:vars] | |
| server_name=SERVER | |
| docker_nginx_ssl=true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #inspired by https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 | |
| - name: enabling ssl | |
| block: | |
| - name: certbot dirs | |
| file: path={{item}} state=directory mode=0755 group=root owner=root | |
| with_items: | |
| - "/var/lib/certbot/www" | |
| - "/var/log/certbot" | |
| - "/var/lib/certbot/conf/live/{{server_name}}" | |
| - name: creating dummy certificate | |
| docker_container: | |
| name: 'openssl' | |
| image: 'frapsoft/openssl' | |
| state: 'started' | |
| auto_remove: yes | |
| command: "req -x509 -nodes -newkey rsa:1024 -days 1 \ | |
| -keyout '/etc/letsencrypt/live/{{server_name}}/privkey.pem' \ | |
| -out '/etc/letsencrypt/live/{{server_name}}/fullchain.pem' \ | |
| -subj '/CN=localhost'" | |
| volumes: | |
| - "/var/lib/certbot/conf:/etc/letsencrypt" | |
| - name: copying options-ssl-nginx.conf | |
| copy: src=options-ssl-nginx.conf dest=/var/lib/certbot/conf/options-ssl-nginx.conf owner=root group=root mode=0644 | |
| - name: copying ssl-dhparams.pem | |
| copy: src=ssl-dhparams.pem dest=/var/lib/certbot/conf/ssl-dhparams.pem owner=root group=root mode=0644 | |
| - name: starting nginx with dummy certificate | |
| docker_container: | |
| name: 'nginx' | |
| state: 'started' | |
| - name: waiting for nginx | |
| wait_for: port=80 | |
| - name: deleting dummy certificates | |
| file: path={{item}} state=absent mode=0640 group=root owner=root | |
| with_items: | |
| - "/var/lib/certbot/conf/live/{{server_name}}" | |
| - name: requesting letsencrypt certificate | |
| docker_container: | |
| name: 'certbot' | |
| image: 'certbot/certbot' | |
| state: 'started' | |
| auto_remove: yes | |
| command: "certonly --webroot --webroot-path /var/www/certbot \ | |
| --email [email protected] --cert-name {{server_name}} \ | |
| -d {{server_name}} --rsa-key-size 4096 \ | |
| --agree-tos --force-renewal" | |
| volumes: | |
| - "/var/lib/certbot/conf:/etc/letsencrypt" | |
| - "/var/lib/certbot/www:/var/www/certbot" | |
| - "/var/log/certbot:/var/log/letsencrypt" | |
| - name: waiting for certbot | |
| wait_for: path=/var/log/certbot/letsencrypt.log search_regex="Your key file has been saved at" | |
| - name: restart nginx with prod certificate | |
| docker_container: | |
| name: 'nginx' | |
| state: 'started' | |
| restart: yes | |
| - name: waiting for nginx | |
| wait_for: port=80 | |
| when: docker_nginx_ssl == "true" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment